Spyware/virus issue, hijackthis.log inside, please help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rkerns

Thread Starter
Joined
Jan 3, 2006
Messages
8
I've tried everything I know how but this must be a new problem I am unaware of how to fix. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 12:45:58 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nteg.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\system32\d3wk32.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Microsoft Outlook\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\tdupriest.cmka\Desktop\Virus-Spyware\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {E372ABFB-C6A8-55DE-A3BA-F15F21C5936B} - C:\WINDOWS\system32\mslv32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [d3wk32.exe] C:\WINDOWS\system32\d3wk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Bginfo.lnk = C:\Bginfo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI05E6~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {25E5C0D0-98ED-4D05-B338-E99CFD213C27} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {25E5C0D0-98ED-4D05-B338-E99CFD213C27} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://sbs2003.cmka.local:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://sbs2003.cmka.local:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sbs2003.cmka.local:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sbs2003.cmka.local:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126889156858
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cmka.local
O17 - HKLM\Software\..\Telephony: DomainName = cmka.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cmka.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cmka.local
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\nteg.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
 
Joined
May 13, 2005
Messages
4,699
My name is David


Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
At the moment you may feel like you are battling with your computer to keep it running smoothly, but doing the following things should most certainly help getting it back to how it was

It may look like a lot below - follow the instructions as carefully as possible and everything should be kool!
________________________________________________

Download CWShredder Here to its own folder.
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Click here to download AboutBuster created by Rubber Ducky
Unzip AboutBuster to the desktop then click the "Update Button" then click "Check for Update" and download the updates and then click "Exit".

Click here to download cwsserviceremove.zip : http://castlecops.com/zx/flrman1/cwsserviceremove.zip
Unzip it to your desktop and have it ready to run later.

Download CleanUp!
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK

    DO NOT run it yet!
Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.

Make sure that you can see hidden files (Windows XP).
  1. Click "Start".
  2. Click "My Computer".
  3. Select the "Tools" menu and click "Folder Options".
  4. Select the "View" tab.
  5. Under the "Hidden files and folders" heading, select "Show hidden files and folders".
  6. Uncheck the "Hide protected operating system files (recommended)" option.
  7. Click "Yes" to confirm.
  8. Uncheck the "Hide file extensions for known file types".
  9. Click "OK".

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find

Network Security Service

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service. If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

Boot into Safe Mode (start tapping the F8 key at Startup, before the Windows logo screen)

Double click on the cwsserviceremove.reg file you downloaded at the beginning to enter into the registry. Answer yes when asked to have its contents added to the registry

With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {E372ABFB-C6A8-55DE-A3BA-F15F21C5936B} - C:\WINDOWS\system32\mslv32.dll
O4 - HKLM\..\Run: [d3wk32.exe] C:\WINDOWS\system32\d3wk32.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\nteg.exe


Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\ewypx.dll
C:\WINDOWS\system32\mslv32.dll
C:\WINDOWS\system32\d3wk32.exe
C:\WINDOWS\system32\nteg.exe


Please Navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Then go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Next run AboutBuster. Double click Aboutbuster.exe, click OK, click Start then click OK. This will scan your computer for the bad files and delete them.

Now, run CWShredder. Just click on the cwshredder.exe then click Fix (Not Scan only) and let it do its thing.

Now run cleanup!
  • Click on the "Cleanup" button and let it run.
  • Once it's done, close the program.

Click Here to do a Panda online scan
  • If it asks you to install ActiveX controls click Yes
  • If a box comes up telling you to install the program also click Yes
  • Make sure you tick Disinfect automatically under Scan Options
  • Complete the scan and post the log that you can save afterwards in the same way you did the HJT log.
  • It is normal for it to take a reasonable time to complete

Please download hoster from the link below.
http://www.funkytoad.com/download/hoster.zip
  • Unzip Hoster.zip
  • Open Hoster.exe
  • Then click on "Restore Original Hosts"
  • Close program when complete.
  • Empty Recycle Bin
  • Reboot and "copy/paste" a new log file into this thread, after completing any other instructions given

If you have Spybot S&D installed you will also need to replace one file.
Go here: http://www.spywareinfo.com/~merijn/winfiles.html
Download SDHelper.dll
Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy)

Check in the C:\Windows\system32 folder to be sure you have a file named Shell.dll. If you do not have one, go to the C:\Windows\system32\dllcache folder.
Find shell.dll and right click on it. Choose Copy from the menu.
Open the System32 folder and right click on an empty space in the window. Choose Paste from the menu.

Reboot and post another HijackThis log please.
 

rkerns

Thread Starter
Joined
Jan 3, 2006
Messages
8
I followed your instructions to the letter and I think that did it.
Here's the new log

Logfile of HijackThis v1.99.1
Scan saved at 3:12:38 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\tdupriest.cmka\Desktop\Virus-Spyware\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Global Startup: Bginfo.lnk = C:\Bginfo.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI05E6~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {25E5C0D0-98ED-4D05-B338-E99CFD213C27} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {25E5C0D0-98ED-4D05-B338-E99CFD213C27} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://sbs2003.cmka.local:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://sbs2003.cmka.local:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://sbs2003.cmka.local:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://sbs2003.cmka.local:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126889156858
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cmka.local
O17 - HKLM\Software\..\Telephony: DomainName = cmka.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cmka.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cmka.local
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
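
An added example, not part of any post in this thread: one way to check a follow-up HijackThis log against the first one and against the list of entries the helper asked to fix. The function names `parse_entries` and `compare_logs` are assumptions, and the sample logs are abbreviated from the two logs posted above.

```python
import re

# An entry line is a section code (R0-R3, O1-O23, ...), " - ", then free text.
# Header lines and the "Running processes:" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")

def parse_entries(log_text):
    """Return the set of (code, detail) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("detail").strip()))
    return entries

def compare_logs(before, after, fixed):
    """Compare two logs and the list of entries that were marked for fixing."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(fixed)
    return {
        "still_present": sorted(f & a),   # marked for fixing but survived the cleanup
        "not_in_before": sorted(f - b),   # fix-list lines that never were in the first log
        "removed": sorted(b - a),         # everything that disappeared
        "added": sorted(a - b),           # everything new since the first scan
    }

# Abbreviated sample, taken from the first log in the thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\nteg.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {E372ABFB-C6A8-55DE-A3BA-F15F21C5936B} - C:\WINDOWS\system32\mslv32.dll
O4 - HKLM\..\Run: [d3wk32.exe] C:\WINDOWS\system32\d3wk32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
"""

# Abbreviated sample, taken from the second log in the thread.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""

# Three of the entries from the "fix checked" list in the helper's first reply.
FIXED = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ewypx.dll/sp.html#53142%resultposition.net
O2 - BHO: Class - {E372ABFB-C6A8-55DE-A3BA-F15F21C5936B} - C:\WINDOWS\system32\mslv32.dll
O4 - HKLM\..\Run: [d3wk32.exe] C:\WINDOWS\system32\d3wk32.exe
"""

if __name__ == "__main__":
    for bucket, rows in compare_logs(BEFORE, AFTER, FIXED).items():
        print(f"{bucket}: {len(rows)}")
        for code, detail in rows:
            print(f"  {code} - {detail}")
```

Entries are compared as exact text, so an entry whose wording changes between scans shows up once under "removed" and once under "added".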
 
Joined
May 13, 2005
Messages
4,699
With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
________________

Click Here to do a Panda online scan
  • If it asks you to install ActiveX controls click Yes
  • If a box comes up telling you to install the program also click Yes
  • Make sure you tick Disinfect automatically under Scan Options
  • Complete the scan and post the log that you can save afterwards in the same way you did the HJT log.
  • It is normal for it to take a reasonable time to complete
______________

Please post back with the Panda Scan log and a new HJT log and we should be near done! :)

If you have any questions please don't hesitate to ask.

David (y)
 

rkerns

Thread Starter
Joined
Jan 3, 2006
Messages
8
I am unable to get the online Panda scan to work. It does not open correctly, it almost seems like there is a problem with their site.
Is there something else I can do or try?
 
Joined
May 13, 2005
Messages
4,699
Yes there is an equally good alternative:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
David
 

rkerns

Thread Starter
Joined
Jan 3, 2006
Messages
8
Good deal, will do that and the other above and post both logs shortly.
Thanks
 

rkerns

Thread Starter
Joined
Jan 3, 2006
Messages
8
Looks like I'm not going to be able to get this done as soon as I had hoped, it may be later today or even tomorrow but I will post the last two logs for your review.
Thank you again so much for your help. (y)
 